Skip to main content

Zest

Cookie consent

Menu

Choose a theme and configure high-contrast mode. Preferences are saved in your browser only.

User Preferences

Theme

Pick a palette or follow your system preference.

High Contrast

Sharper text and borders. System follows your OS setting.

Regulations

Google Consent Mode — What It Is and Why It Matters

How Google Consent Mode works, what v2 changed, and how to implement consent signals that Google respects.

Google Consent Mode is Google’s mechanism for receiving and respecting user consent signals. If you use Google Analytics, Google Ads, Floodlight, or any Google service that processes user data, you need to understand Consent Mode.

It’s not a law. It’s Google’s way of complying with laws, and their way of making sure YOU comply too. For the underlying legal frame, see our GDPR guide.

How it works

Consent Mode is an API. You send Google a signal:

  • analytics_storage: 'granted': the user said yes to analytics cookies
  • ad_storage: 'denied': the user said no to advertising cookies
  • ad_user_data: 'granted': the user said yes to their data being used for ads
  • ad_personalization: 'denied': the user said no to personalized ads

Google then respects these signals. If analytics storage is denied, Google Analytics won’t set cookies. Instead, it sends cookieless pings for basic measurement. If ad storage is denied, Google won’t use cookies for ads.

Consent Mode v2 (March 2024) was Google’s response to the EU Digital Markets Act. It added two new signals:

  • ad_user_data: controls whether personal data can be sent to Google for advertising purposes
  • ad_personalization: controls whether data can be used for remarketing and personalized ads

These are now mandatory for advertisers using Google services in the EEA.

Default vs update commands

Consent Mode has two states:

  1. Default: what Google assumes before consent is given. Set this to denied for everything.
  2. Update: what Google uses after the user makes a choice. Set this based on actual consent.

The critical implementation detail is that your default command must run before any Google tags load. If Google’s scripts fire before your consent default is set, they’ll assume full consent and set all the cookies.

Consent Mode doesn’t block Google entirely when consent is denied. Google Analytics sends cookieless pings, anonymous aggregated data without cookies. Google Ads uses conversion modeling where possible.

Is this compliant with GDPR? It depends on your interpretation. The EU DPAs haven’t issued definitive guidance on Consent Mode’s cookieless pings. Some consider them acceptable without consent; others don’t. Zest takes the conservative approach, and if you also run tracking pixels or want a banner that actually drives opt-in, pair it with consent banner design tuned for opt-in rates.

How Zest handles it

Zest integrates with Google Consent Mode v2 natively:

  • Defaults to denied for all storage and data types
  • Updates to actual consent immediately after user choice
  • Runs the default command before any Google tags initialize
  • Supports both global site tags (gtag.js) and Google Tag Manager
  • Respects the user’s ability to change consent at any time

No Google tracking fires until your visitor makes a choice. That’s the only correct implementation.

Own your cookie banner.

Zest is free and MIT-licensed, and it doesn't phone home to anyone.
Drop the script in and you're done.

Try it free